Hershell - Simple TCP reverse shell written in Go

Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprintpinning feature, preventing from traffic interception.

Supported OS are:

Windows

Linux

Mac OS

FreeBSD and derivatives

Why ?
Although meterpreter payloads are great, they are sometimes spotted by AV products.
The goal of this project is to get a simple reverse shell, which can work on multiple systems,

How ?
Since it’s written in Go, you can cross compile the source for the desired architecture.

Building the payload
To simplify things, you can use the provided Makefile. You can set the following environment variables:

GOOS : the target OS

GOARCH : the target architecture

LHOST : the attacker IP or domain name

LPORT : the listener port

For the GOOS and GOARCH variables, you can get the allowed values here.

However, some helper targets are available in the Makefile:

depends : generate the server certificate (required for the reverseshell)

windows32 : builds a windows 32 bits executable (PE 32 bits)

windows64 : builds a windows 64 bits executable (PE 64 bits)

linux32 : builds a linux 32 bits executable (ELF 32 bits)

linux64 : builds a linux 64 bits executable (ELF 64 bits)

macos : builds a mac os 64 bits executable (Mach-O)

For those targets, you just need to set the LHOST and LPORT environment variables.

Using the shell
Once executed, you will be provided with a remote shell. This custom interactive shell will allow you to execute system commands through cmd.exe on Windows, or /bin/sh on UNIX machines.
The following special commands are supported:

run_shell : drops you an system shell (allowing you, for example, tochange directories)

inject : injects a shellcode (base64 encoded) inthe same process memory, and executes it (Windows only at the moment)

meterpreter IP:PORT : connects to a multi/handler to get a stage2reverse tcp meterpreter from metasploit, and execute the shellcode inmemory (Windows only at the moment)

Disclaimer

Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.hack4.net will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.